I have created a better patch (attached) that correctly escapes the shell arguments using PQExpBufferStr and the appendShellString function, as per Michael and Andres' suggestions.
Further suggestions welcome of course. Ryan On Wed, Aug 17, 2016 at 8:28 AM, Ryan Murphy <ryanfmur...@gmail.com> wrote: > That makes sense, Michael and Andres. > > I started to make a solution that uses a PQExpBuffer, appendShellString, > etc. I think it will work just fine, but I think I need to alter the > Makefile as well, to get initdb.c to be compiled using > -L../../../src/fe_utils -lpgfeutils. Otherwise I am having issues linking: > > gcc -Wall -Wmissing-prototypes -Wpointer-arith > -Wdeclaration-after-statement -Wendif-labels -Wmissing-format-attribute > -Wformat-security -fno-strict-aliasing -fwrapv > -Wno-unused-command-line-argument > -O2 initdb.o findtimezone.o localtime.o encnames.o -L../../../src/port > -L../../../src/common -Wl,-dead_strip_dylibs -lpgcommon -lpgport -lz > -lreadline -lm -o initdb > Undefined symbols for architecture x86_64: > "_appendPQExpBufferStr", referenced from: > _main in initdb.o > "_appendShellString", referenced from: > _main in initdb.o > "_createPQExpBuffer", referenced from: > _main in initdb.o > "_destroyPQExpBuffer", referenced from: > _main in initdb.o > ld: symbol(s) not found for architecture x86_64 > clang: error: linker command failed with exit code 1 (use -v to see > invocation) > > On Tue, Aug 16, 2016 at 10:00 PM, Michael Paquier < > michael.paqu...@gmail.com> wrote: > >> On Wed, Aug 17, 2016 at 8:05 AM, Andres Freund <and...@anarazel.de> >> wrote: >> > ISTM that the correct fix would be to actually introduce something like >> > quote_path_for_shell() which either adds proper quotes, or fails if >> > that'd be hard (e.g. if the path contains quotes, and we're on >> > windows). >> >> You are looking for appendShellString in fe_utils/string_utils.c. >> -- >> Michael >> > >
Description: Binary data
-- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers